Information Security and Long-Term Digital Preservation in Public Governance: Regulatory Alignment, Archival Integrity, and Technology Choices
DOI: https://doi.org/10.36690/2674-5216-2025-4-68-77
Keywords: public governance, electronic documents, information security governance, digital preservation, evidentiary integrity, access control, custody rules, cryptographic change, interoperability, resilience planning, archival repositories, blockchain registries
Abstract
Digital transformation has turned information into a strategic resource of public governance, where administrative legitimacy and service continuity depend on secure electronic document management and resilient state information infrastructures. The central challenge is not only operational uptime, but also the legal validity, integrity, and evidentiary sustainability of electronic records across their lifecycle. The study emphasises that information security in public administration must be treated as a multidimensional governance phenomenon that integrates legal regulation, institutional arrangements, organisational procedures, technical safeguards, and the human factor. The objective is to substantiate a governance framework that strengthens information security and long-term digital preservation of official e-documents by aligning legal requirements with standards-based controls and technology architecture choices. The study uses integrated qualitative analysis combining formal-legal systematisation of e-document circulation requirements with comparative mapping to international standards and EU-aligned instruments. It also applies threat-informed reasoning to connect governance prescriptions with dominant incident patterns, and criteria-based evaluation of preservation architectures focused on evidentiary integrity, interoperability, and long-horizon validation. The results identify a comprehensive threat set for public e-document ecosystems, including theft, interception, modification, unauthorised use, disruption, destruction, concealment of socially significant information, and unlawful handling of personal data. These risks arise from mixed failure modes, such as external intrusion, insider misuse, governance gaps, and weak coordination, so effective protection requires combined procedural and technical controls, especially identity and access management, cryptography, monitoring, and documented custody rules.
The study further shows that long-term preservation is a distinct capability problem because evidentiary value must survive cryptographic change and tool turnover; blockchain can support registry integrity, yet it is unsuitable as a long-horizon archival substrate beyond ten years due to legal and technical risks. Public-sector record protection should be implemented as a unified security and preservation governance system grounded in auditable procedures and interoperable repositories. Future work should test models for renewing long-term validation, evaluate interoperability performance of repository architectures, and assess hybrid designs linking registry event integrity to archival preservation with reproducible verification.
License

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.